IT expertise at banks’ board level a must, says RBI ED

With cyber threat emerging as a major risk for the financial sector, the Reserve Bank today said banks need to have a board with IT expertise to ensure speedy implementation of measures to address this challenge.

With cyber threat emerging as a major risk for the financial sector, the Reserve Bank today said banks need to have a board with IT expertise to ensure speedy implementation of measures to address this challenge. (Image: Reuters)

With cyber threat emerging as a major risk for the financial sector, the Reserve Bank today said banks need to have a board with IT expertise to ensure speedy implementation of measures to address this challenge. Banks need to have a broader organisational framework to prepare for cyber security threats. “With banking becoming more technology driven, IT expertise at the board level has become a necessity,” Reserve Bank’s Executive Director Meena Hemchandra said at a CII organised cyber security summit here. She said a board level mandate is crucial for the speed with which a bank or a financial institution revs up its cyber security measures. “Unless the board is committed, the speed will be very slow,” the RBI ED said. Banks need to prepare themselves with as much speed as possible as the cyber attackers are fairly more advanced sometimes than the banks, she said.

“You cannot really prepare yourself for cyber security unless your organisational framework is broader. The need to have an appropriate organisational arrangement cannot be just be underestimated and it definitely include having chief security officers (CSOs),” Hemchandra said. She said trade-off between ease of operating and cyber security has to be carefully looked into, preferably at the board level, by framing a policy. At present, banks receive threat information from various sources, including the RBI and CSOs’ forum.

The executive director said banks need to be prompt in sharing any breach in cyber security to authorities and regulators as the information can save others from such attacks. “If you want threat information, then reciprocity is certainly to be expected. The reciprocity demands that banks do not delay in reporting incidents to authorities that are collating,” she added. Besides focusing on cyber security, it is also important for financial institutions to have crisis management plans in place, Hemchandra said.